Diff
Modified: trunk/LayoutTests/ChangeLog (225826 => 225827)
--- trunk/LayoutTests/ChangeLog 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/LayoutTests/ChangeLog 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1,3 +1,25 @@
+2017-12-12 John Wilander <wilan...@apple.com>
+
+ Storage Access API: Implement frame-specific access in the network storage session layer
+ https://bugs.webkit.org/show_bug.cgi?id=180679
+ <rdar://problem/35982116>
+
+ Reviewed by Alex Christensen.
+
+ Note that the expected results for
+ request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html
+ accepts the missing part where document.cookie is still partitioned
+ after storage access has been granted. Follow-up work tracked in
+ https://bugs.webkit.org/show_bug.cgi?id=180682.
+
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame-expected.txt: Added.
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html: Added.
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame-expected.txt: Copied from LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt.
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html: Copied from LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html.
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt: Removed.
+ * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html: Removed.
+ * platform/mac-wk2/TestExpectations:
+
2017-12-12 Brian Burg <bb...@apple.com>
Web Inspector: support async setup() and async teardown() in AsyncTestSuite
Copied: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame-expected.txt (from rev 225826, trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt) (0 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame-expected.txt 2017-12-13 01:20:06 UTC (rev 225827)
@@ -0,0 +1,49 @@
+CONFIRM: Do you want to use your localhost ID on 127.0.0.1?
+Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, and the frame is the one with access.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Storage access was granted.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+
+--------
+Frame: 'TheIframeThatRequestsStorageAccess'
+--------
+After access granted, should receive first-party cookie.
+Received cookie named 'firstPartyCookie'.
+Did not receive cookie named 'partitionedCookie'.
+Client-side document.cookie: partitionedCookie=value
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+Should receive first-party cookie.
+Received cookie named 'firstPartyCookie'.
+Did not receive cookie named 'partitionedCookie'.
+Client-side document.cookie: firstPartyCookie=value
+
+--------
+Frame: '<!--framePath //<!--frame2-->-->'
+--------
+Should not receive cookies.
+Did not receive cookie named 'firstPartyCookie'.
+Did not receive cookie named 'partitionedCookie'.
+Client-side document.cookie:
+
+--------
+Frame: '<!--framePath //<!--frame3-->-->'
+--------
+
+
+
+--------
+Frame: '<!--framePath //<!--frame4-->-->'
+--------
+Should receive partitioned cookie.
+Did not receive cookie named 'firstPartyCookie'.
+Received cookie named 'partitionedCookie'.
+Client-side document.cookie: partitionedCookie=value
Copied: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html (from rev 225826, trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html) (0 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html 2017-12-13 01:20:06 UTC (rev 225827)
@@ -0,0 +1,142 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src=""
+ <script src=""
+ <script>
+ description("Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, and the frame is the one with access.");
+ jsTestIsAsync = true;
+
+ const hostUnderTest = "localhost:8000";
+ const statisticsUrl = "http://" + hostUnderTest + "/temp";
+
+ const partitionHost = "127.0.0.1:8000";
+ const thirdPartyOrigin = "http://localhost:8000";
+ const resourcePath = "/storageAccess/resources";
+ const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
+ const firstPartyCookieName = "firstPartyCookie";
+ const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
+ const partitionedCookieName = "partitionedCookie";
+ const subPathToSetPartitionedCookie = "/set-cookie.php?name=" + partitionedCookieName + "&value=value";
+ const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html";
+ const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName + "&name2=" + partitionedCookieName;
+
+ function setEnableFeature(enable) {
+ if (!enable)
+ testRunner.statisticsResetToConsistentState();
+ internals.setResourceLoadStatisticsEnabled(enable);
+ testRunner.setCookieStoragePartitioningEnabled(enable);
+ testRunner.setStorageAccessAPIEnabled(enable);
+ }
+
+ function openIframe(url, onLoadHandler) {
+ const element = document.createElement("iframe");
+ element.src = ""
+ if (onLoadHandler) {
+ element._onload_ = onLoadHandler;
+ }
+ document.body.appendChild(element);
+ }
+
+ function receiveMessage(event) {
+ if (event.origin === "http://localhost:8000") {
+ if (event.data.indexOf("PASS") !== -1)
+ testPassed(event.data.replace("PASS ", ""));
+ else
+ testFailed(event.data);
+ } else
+ testFailed("Received a message from an unexpected origin: " + event.origin);
+ runTest();
+ }
+
+ function activateElement(elementId) {
+ var element = document.getElementById(elementId);
+ var centerX = element.offsetLeft + element.offsetWidth / 2;
+ var centerY = element.offsetTop + element.offsetHeight / 2;
+ UIHelper.activateAt(centerX, centerY).then(
+ function () {
+ if (window.eventSender)
+ eventSender.keyDown("escape");
+ else {
+ testFailed("No eventSender.");
+ setEnableFeature(false);
+ finishJSTest();
+ }
+ },
+ function () {
+ testFailed("Promise rejected.");
+ setEnableFeature(false);
+ finishJSTest();
+ }
+ );
+ }
+
+ function runTest() {
+ switch (document.location.hash) {
+ case "#step1":
+ // Set localhost as prevalent.
+ if (testRunner.isStatisticsPrevalentResource(statisticsUrl))
+ testFailed("Host prematurely set as prevalent resource.");
+ // Set first-party cookie for localhost.
+ document.location.href = "" + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
+ break;
+ case "#step2":
+ document.location.hash = "step3";
+ // Check that the first-party cookie does get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
+ break;
+ case "#step3":
+ document.location.hash = "step4";
+ testRunner.setStatisticsPrevalentResource(statisticsUrl, true);
+ if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
+ testFailed("Host did not get set as prevalent resource.");
+ testRunner.setStatisticsHasHadNonRecentUserInteraction(statisticsUrl);
+ if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
+ testFailed("Host did not get logged for user interaction.");
+ testRunner.statisticsUpdateCookiePartitioning();
+ // Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
+ break;
+ case "#step4":
+ document.location.hash = "step5";
+ // Set partitioned cookie for localhost.
+ openIframe(thirdPartyBaseUrl + subPathToSetPartitionedCookie, runTest);
+ break;
+ case "#step5":
+ document.location.hash = "step6";
+ // Check that the partitioned cookie does get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
+ break;
+ case "#step6":
+ document.location.hash = "step7";
+ activateElement("TheIframeThatRequestsStorageAccess");
+ break;
+ case "#step7":
+ document.location.hash = "step8";
+ // Check that the first-party cookie gets sent for localhost under 127.0.0.1 since we're opening in the frame that was granted access.
+ document.getElementById("TheIframeThatRequestsStorageAccess").src = "" + subPathToGetCookies + "&message=After access granted, should receive first-party cookie.";
+ break;
+ case "#step8":
+ setEnableFeature(false);
+ finishJSTest();
+ break;
+ }
+ }
+
+ if (document.location.hash === "") {
+ setEnableFeature(true);
+ if (testRunner.isStatisticsPrevalentResource(thirdPartyBaseUrl))
+ testFailed("Localhost was classified as prevalent resource before the test starts.");
+ // Make sure the network process is up-to-date.
+ testRunner.statisticsSetShouldPartitionCookiesForHost("localhost", false);
+ testRunner.dumpChildFramesAsText();
+ document.location.hash = "step1";
+ }
+
+ window.addEventListener("message", receiveMessage, false);
+ </script>
+</head>
+<body>
+ <iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" _onload_="runTest()" id="TheIframeThatRequestsStorageAccess" src=""
+</body>
+</html>
\ No newline at end of file
Copied: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame-expected.txt (from rev 225826, trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt) (0 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame-expected.txt 2017-12-13 01:20:06 UTC (rev 225827)
@@ -0,0 +1,54 @@
+CONFIRM: Do you want to use your localhost ID on 127.0.0.1?
+Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, but the frame is not the one with access.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Storage access was granted.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+
+--------
+Frame: 'theIframe'
+--------
+
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+Should receive first-party cookie.
+Received cookie named 'firstPartyCookie'.
+Did not receive cookie named 'partitionedCookie'.
+Client-side document.cookie: firstPartyCookie=value
+
+--------
+Frame: '<!--framePath //<!--frame2-->-->'
+--------
+Should not receive cookies.
+Did not receive cookie named 'firstPartyCookie'.
+Did not receive cookie named 'partitionedCookie'.
+Client-side document.cookie:
+
+--------
+Frame: '<!--framePath //<!--frame3-->-->'
+--------
+
+
+
+--------
+Frame: '<!--framePath //<!--frame4-->-->'
+--------
+Should receive partitioned cookie.
+Did not receive cookie named 'firstPartyCookie'.
+Received cookie named 'partitionedCookie'.
+Client-side document.cookie: partitionedCookie=value
+
+--------
+Frame: '<!--framePath //<!--frame5-->-->'
+--------
+Should receive partitioned cookie.
+Did not receive cookie named 'firstPartyCookie'.
+Received cookie named 'partitionedCookie'.
+Client-side document.cookie: partitionedCookie=value
Copied: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html (from rev 225826, trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html) (0 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html 2017-12-13 01:20:06 UTC (rev 225827)
@@ -0,0 +1,142 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src=""
+ <script src=""
+ <script>
+ description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, the user opts in, but the frame is not the one with access.");
+ jsTestIsAsync = true;
+
+ const hostUnderTest = "localhost:8000";
+ const statisticsUrl = "http://" + hostUnderTest + "/temp";
+
+ const partitionHost = "127.0.0.1:8000";
+ const thirdPartyOrigin = "http://localhost:8000";
+ const resourcePath = "/storageAccess/resources";
+ const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
+ const firstPartyCookieName = "firstPartyCookie";
+ const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
+ const partitionedCookieName = "partitionedCookie";
+ const subPathToSetPartitionedCookie = "/set-cookie.php?name=" + partitionedCookieName + "&value=value";
+ const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html";
+ const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName + "&name2=" + partitionedCookieName;
+
+ function setEnableFeature(enable) {
+ if (!enable)
+ testRunner.statisticsResetToConsistentState();
+ internals.setResourceLoadStatisticsEnabled(enable);
+ testRunner.setCookieStoragePartitioningEnabled(enable);
+ testRunner.setStorageAccessAPIEnabled(enable);
+ }
+
+ function openIframe(url, onLoadHandler) {
+ const element = document.createElement("iframe");
+ element.src = ""
+ if (onLoadHandler) {
+ element._onload_ = onLoadHandler;
+ }
+ document.body.appendChild(element);
+ }
+
+ function receiveMessage(event) {
+ if (event.origin === "http://localhost:8000") {
+ if (event.data.indexOf("PASS") !== -1)
+ testPassed(event.data.replace("PASS ", ""));
+ else
+ testFailed(event.data);
+ } else
+ testFailed("Received a message from an unexpected origin: " + event.origin);
+ runTest();
+ }
+
+ function activateElement(elementId) {
+ var element = document.getElementById(elementId);
+ var centerX = element.offsetLeft + element.offsetWidth / 2;
+ var centerY = element.offsetTop + element.offsetHeight / 2;
+ UIHelper.activateAt(centerX, centerY).then(
+ function () {
+ if (window.eventSender)
+ eventSender.keyDown("escape");
+ else {
+ testFailed("No eventSender.");
+ setEnableFeature(false);
+ finishJSTest();
+ }
+ },
+ function () {
+ testFailed("Promise rejected.");
+ setEnableFeature(false);
+ finishJSTest();
+ }
+ );
+ }
+
+ function runTest() {
+ switch (document.location.hash) {
+ case "#step1":
+ // Set localhost as prevalent.
+ if (testRunner.isStatisticsPrevalentResource(statisticsUrl))
+ testFailed("Host prematurely set as prevalent resource.");
+ // Set first-party cookie for localhost.
+ document.location.href = "" + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
+ break;
+ case "#step2":
+ document.location.hash = "step3";
+ // Check that the first-party cookie does get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
+ break;
+ case "#step3":
+ document.location.hash = "step4";
+ testRunner.setStatisticsPrevalentResource(statisticsUrl, true);
+ if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
+ testFailed("Host did not get set as prevalent resource.");
+ testRunner.setStatisticsHasHadNonRecentUserInteraction(statisticsUrl);
+ if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
+ testFailed("Host did not get logged for user interaction.");
+ testRunner.statisticsUpdateCookiePartitioning();
+ // Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
+ break;
+ case "#step4":
+ document.location.hash = "step5";
+ // Set partitioned cookie for localhost.
+ openIframe(thirdPartyBaseUrl + subPathToSetPartitionedCookie, runTest);
+ break;
+ case "#step5":
+ document.location.hash = "step6";
+ // Check that the partitioned cookie does get sent for localhost under 127.0.0.1.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
+ break;
+ case "#step6":
+ document.location.hash = "step7";
+ activateElement("theIframe");
+ break;
+ case "#step7":
+ document.location.hash = "step8";
+ // Check that the partitioned cookie gets sent for localhost under 127.0.0.1 since we're opening a new frame.
+ openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
+ break;
+ case "#step8":
+ setEnableFeature(false);
+ finishJSTest();
+ break;
+ }
+ }
+
+ if (document.location.hash === "") {
+ setEnableFeature(true);
+ if (testRunner.isStatisticsPrevalentResource(thirdPartyBaseUrl))
+ testFailed("Localhost was classified as prevalent resource before the test starts.");
+ // Make sure the network process is up-to-date.
+ testRunner.statisticsSetShouldPartitionCookiesForHost("localhost", false);
+ testRunner.dumpChildFramesAsText();
+ document.location.hash = "step1";
+ }
+
+ window.addEventListener("message", receiveMessage, false);
+ </script>
+</head>
+<body>
+ <iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" _onload_="runTest()" id="theIframe" src=""
+</body>
+</html>
\ No newline at end of file
Deleted: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt (225826 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1,54 +0,0 @@
-CONFIRM: Do you want to use your localhost ID on 127.0.0.1?
-Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, and the user opts in.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Storage access was granted.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: 'theIframe'
---------
-
-
---------
-Frame: '<!--framePath //<!--frame1-->-->'
---------
-Should receive first-party cookie.
-Received cookie named 'firstPartyCookie'.
-Did not receive cookie named 'partitionedCookie'.
-Client-side document.cookie: firstPartyCookie=value
-
---------
-Frame: '<!--framePath //<!--frame2-->-->'
---------
-Should not receive cookies.
-Did not receive cookie named 'firstPartyCookie'.
-Did not receive cookie named 'partitionedCookie'.
-Client-side document.cookie:
-
---------
-Frame: '<!--framePath //<!--frame3-->-->'
---------
-
-
-
---------
-Frame: '<!--framePath //<!--frame4-->-->'
---------
-Should receive partitioned cookie.
-Did not receive cookie named 'firstPartyCookie'.
-Received cookie named 'partitionedCookie'.
-Client-side document.cookie: partitionedCookie=value
-
---------
-Frame: '<!--framePath //<!--frame5-->-->'
---------
-Should receive first-party cookie.
-Received cookie named 'firstPartyCookie'.
-Did not receive cookie named 'partitionedCookie'.
-Client-side document.cookie: firstPartyCookie=value
Deleted: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html (225826 => 225827)
--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1,142 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script>
- description("Tests that cross-origin iframe storage access is granted if the iframe is sandboxed, has the allow token, the iframe origin is a prevalent resource, the iframe origin has had user interaction, and the user opts in.");
- jsTestIsAsync = true;
-
- const hostUnderTest = "localhost:8000";
- const statisticsUrl = "http://" + hostUnderTest + "/temp";
-
- const partitionHost = "127.0.0.1:8000";
- const thirdPartyOrigin = "http://localhost:8000";
- const resourcePath = "/storageAccess/resources";
- const thirdPartyBaseUrl = thirdPartyOrigin + resourcePath;
- const firstPartyCookieName = "firstPartyCookie";
- const subPathToSetFirstPartyCookie = "/set-cookie.php?name=" + firstPartyCookieName + "&value=value";
- const partitionedCookieName = "partitionedCookie";
- const subPathToSetPartitionedCookie = "/set-cookie.php?name=" + partitionedCookieName + "&value=value";
- const returnUrl = "http://" + partitionHost + "/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html";
- const subPathToGetCookies = "/get-cookies.php?name1=" + firstPartyCookieName + "&name2=" + partitionedCookieName;
-
- function setEnableFeature(enable) {
- if (!enable)
- testRunner.statisticsResetToConsistentState();
- internals.setResourceLoadStatisticsEnabled(enable);
- testRunner.setCookieStoragePartitioningEnabled(enable);
- testRunner.setStorageAccessAPIEnabled(enable);
- }
-
- function openIframe(url, onLoadHandler) {
- const element = document.createElement("iframe");
- element.src = ""
- if (onLoadHandler) {
- element._onload_ = onLoadHandler;
- }
- document.body.appendChild(element);
- }
-
- function receiveMessage(event) {
- if (event.origin === "http://localhost:8000") {
- if (event.data.indexOf("PASS") !== -1)
- testPassed(event.data.replace("PASS ", ""));
- else
- testFailed(event.data);
- } else
- testFailed("Received a message from an unexpected origin: " + event.origin);
- runTest();
- }
-
- function activateElement(elementId) {
- var element = document.getElementById(elementId);
- var centerX = element.offsetLeft + element.offsetWidth / 2;
- var centerY = element.offsetTop + element.offsetHeight / 2;
- UIHelper.activateAt(centerX, centerY).then(
- function () {
- if (window.eventSender)
- eventSender.keyDown("escape");
- else {
- testFailed("No eventSender.");
- setEnableFeature(false);
- finishJSTest();
- }
- },
- function () {
- testFailed("Promise rejected.");
- setEnableFeature(false);
- finishJSTest();
- }
- );
- }
-
- function runTest() {
- switch (document.location.hash) {
- case "#step1":
- // Set localhost as prevalent.
- if (testRunner.isStatisticsPrevalentResource(statisticsUrl))
- testFailed("Host prematurely set as prevalent resource.");
- // Set first-party cookie for localhost.
- document.location.href = "" + subPathToSetFirstPartyCookie + "#" + returnUrl + "#step2";
- break;
- case "#step2":
- document.location.hash = "step3";
- // Check that the first-party cookie does get sent for localhost under 127.0.0.1.
- openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
- break;
- case "#step3":
- document.location.hash = "step4";
- testRunner.setStatisticsPrevalentResource(statisticsUrl, true);
- if (!testRunner.isStatisticsPrevalentResource(statisticsUrl))
- testFailed("Host did not get set as prevalent resource.");
- testRunner.setStatisticsHasHadNonRecentUserInteraction(statisticsUrl);
- if (!testRunner.isStatisticsHasHadUserInteraction(statisticsUrl))
- testFailed("Host did not get logged for user interaction.");
- testRunner.statisticsUpdateCookiePartitioning();
- // Check that the first-party cookie does not get sent for localhost under 127.0.0.1.
- openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should not receive cookies.", runTest);
- break;
- case "#step4":
- document.location.hash = "step5";
- // Set partitioned cookie for localhost.
- openIframe(thirdPartyBaseUrl + subPathToSetPartitionedCookie, runTest);
- break;
- case "#step5":
- document.location.hash = "step6";
- // Check that the partitioned cookie does get sent for localhost under 127.0.0.1.
- openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive partitioned cookie.", runTest);
- break;
- case "#step6":
- document.location.hash = "step7";
- activateElement("theIframe");
- break;
- case "#step7":
- document.location.hash = "step8";
- // Check that not the partitioned but the first-party cookie gets sent for localhost under 127.0.0.1.
- openIframe(thirdPartyBaseUrl + subPathToGetCookies + "&message=Should receive first-party cookie.", runTest);
- break;
- case "#step8":
- setEnableFeature(false);
- finishJSTest();
- break;
- }
- }
-
- if (document.location.hash === "") {
- setEnableFeature(true);
- if (testRunner.isStatisticsPrevalentResource(thirdPartyBaseUrl))
- testFailed("Localhost was classified as prevalent resource before the test starts.");
- // Make sure the network process is up-to-date.
- testRunner.statisticsSetShouldPartitionCookiesForHost("localhost", false);
- testRunner.dumpChildFramesAsText();
- document.location.hash = "step1";
- }
-
- window.addEventListener("message", receiveMessage, false);
- </script>
-</head>
-<body>
- <iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" _onload_="runTest()" id="theIframe" src=""
-</body>
-</html>
\ No newline at end of file
Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (225826 => 225827)
--- trunk/LayoutTests/platform/mac-wk2/TestExpectations 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/LayoutTests/platform/mac-wk2/TestExpectations 2017-12-13 01:20:06 UTC (rev 225827)
@@ -760,7 +760,8 @@
http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe.html [ Pass ]
http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html [ Pass ]
http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-recent-user-interaction.html [ Pass ]
-[ HighSierra+ ] http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html [ Pass ]
+[ HighSierra+ ] http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html [ Pass ]
+[ HighSierra+ ] http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html [ Pass ]
http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction.html [ Pass ]
http/tests/storageAccess/request-storage-access-top-frame.html [ Pass ]
http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture.html [ Pass ]
Modified: trunk/Source/WebCore/ChangeLog (225826 => 225827)
--- trunk/Source/WebCore/ChangeLog 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/ChangeLog 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1,3 +1,45 @@
+2017-12-12 John Wilander <wilan...@apple.com>
+
+ Storage Access API: Implement frame-specific access in the network storage session layer
+ https://bugs.webkit.org/show_bug.cgi?id=180679
+ <rdar://problem/35982116>
+
+ Reviewed by Alex Christensen.
+
+ Tests: http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-and-try-access-from-right-frame.html
+ http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-but-try-access-from-wrong-frame.html
+
+ This changes adds frameID and pageID to what is communicated for
+ storage access and also stored in the network process' table of
+ partitioning exceptions.
+
+ * dom/Document.cpp:
+ (WebCore::Document::hasStorageAccess):
+ Now makes use of the new m_hasFrameSpecificStorageAccess to check
+ if access has already been granted to this document's domain and
+ frame.
+ (WebCore::Document::requestStorageAccess):
+ Now submits frameID and pageID in the request call and sets
+ m_hasFrameSpecificStorageAccess upon granted access callback.
+ * dom/Document.h:
+ * page/ChromeClient.h:
+ * platform/network/NetworkStorageSession.h:
+ * platform/network/cf/NetworkStorageSessionCFNet.cpp:
+ (WebCore::NetworkStorageSession::cookieStoragePartition const):
+ (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
+ (WebCore::NetworkStorageSession::isStorageAccessGranted const):
+ (WebCore::NetworkStorageSession::setStorageAccessGranted):
+ Now makes use of frameID and pageID for partitioning exceptions.
+ * platform/network/mac/CookieJarMac.mm:
+ (WebCore::cookiesInPartitionForURL):
+ (WebCore::setCookiesFromDOM):
+ Submits std::nullopt for frameID and pageID.
+ Follow-up work tracked in https://bugs.webkit.org/show_bug.cgi?id=180682.
+ * platform/network/mac/ResourceHandleMac.mm:
+ (WebCore::ResourceHandle::applySniffingPoliciesAndStoragePartitionIfNeeded):
+ Submits std::nullopt for frameID and pageID.
+ Follow-up work tracked in https://bugs.webkit.org/show_bug.cgi?id=180682.
+
2017-12-12 Youenn Fablet <you...@apple.com>
Playing webrtc video tracks should prevent from display to got to sleep
Modified: trunk/Source/WebCore/dom/Document.cpp (225826 => 225827)
--- trunk/Source/WebCore/dom/Document.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/dom/Document.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -7406,6 +7406,9 @@
RefPtr<DeferredPromise> promise(WTFMove(passedPromise));
+ if (m_hasFrameSpecificStorageAccess)
+ promise->resolve<IDLBoolean>(true);
+
if (!m_frame || securityOrigin().isUnique()) {
promise->resolve<IDLBoolean>(false);
return;
@@ -7445,6 +7448,9 @@
RefPtr<DeferredPromise> promise(WTFMove(passedPromise));
+ if (m_hasFrameSpecificStorageAccess)
+ promise->resolve();
+
if (!m_frame || securityOrigin().isUnique()) {
promise->reject();
return;
@@ -7489,16 +7495,22 @@
builder.append(topHost);
builder.appendLiteral("?");
Page* page = this->page();
+
+ ASSERT(m_frame);
+ auto frameID = m_frame->loader().client().frameID();
+ auto pageID = m_frame->loader().client().pageID();
+
// FIXME: Don't use runJavaScriptConfirm because it responds synchronously.
if ((page && page->chrome().runJavaScriptConfirm(*m_frame, builder.toString())) || m_grantStorageAccessOverride) {
- page->chrome().client().requestStorageAccess(WTFMove(iframeHost), WTFMove(topHost), [documentReference = m_weakFactory.createWeakPtr(*this), promise] (bool wasGranted) {
+ page->chrome().client().requestStorageAccess(WTFMove(iframeHost), WTFMove(topHost), frameID, pageID, [documentReference = m_weakFactory.createWeakPtr(*this), promise] (bool wasGranted) {
Document* document = documentReference.get();
if (!document)
return;
- if (wasGranted)
+ if (wasGranted) {
+ document->m_hasFrameSpecificStorageAccess = true;
promise->resolve();
- else
+ } else
promise->reject();
});
return;
Modified: trunk/Source/WebCore/dom/Document.h (225826 => 225827)
--- trunk/Source/WebCore/dom/Document.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/dom/Document.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1860,6 +1860,7 @@
static bool hasEverCreatedAnAXObjectCache;
+ bool m_hasFrameSpecificStorageAccess { false };
bool m_grantStorageAccessOverride { false };
RefPtr<DocumentTimeline> m_timeline;
Modified: trunk/Source/WebCore/page/ChromeClient.h (225826 => 225827)
--- trunk/Source/WebCore/page/ChromeClient.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/page/ChromeClient.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -468,7 +468,7 @@
virtual RefPtr<Icon> createIconForFiles(const Vector<String>& /* filenames */) = 0;
virtual void hasStorageAccess(String&& /*subFrameHost*/, String&& /*topFrameHost*/, WTF::CompletionHandler<void (bool)>&& callback) { callback(false); }
- virtual void requestStorageAccess(String&& /*subFrameHost*/, String&& /*topFrameHost*/, WTF::CompletionHandler<void (bool)>&& callback) { callback(false); }
+ virtual void requestStorageAccess(String&& /*subFrameHost*/, String&& /*topFrameHost*/, uint64_t /*frameID*/, uint64_t /*pageID*/, WTF::CompletionHandler<void (bool)>&& callback) { callback(false); }
virtual void didInsertMenuElement(HTMLMenuElement&) { }
virtual void didRemoveMenuElement(HTMLMenuElement&) { }
Modified: trunk/Source/WebCore/platform/network/NetworkStorageSession.h (225826 => 225827)
--- trunk/Source/WebCore/platform/network/NetworkStorageSession.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/platform/network/NetworkStorageSession.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -92,14 +92,14 @@
WEBCORE_EXPORT static void setCookieStoragePartitioningEnabled(bool);
WEBCORE_EXPORT static void setStorageAccessAPIEnabled(bool);
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
- WEBCORE_EXPORT String cookieStoragePartition(const ResourceRequest&) const;
+ WEBCORE_EXPORT String cookieStoragePartition(const ResourceRequest&, std::optional<uint64_t> frameID, std::optional<uint64_t> pageID) const;
WEBCORE_EXPORT bool shouldBlockCookies(const ResourceRequest&) const;
bool shouldBlockCookies(const URL& firstPartyForCookies, const URL& resource) const;
- String cookieStoragePartition(const URL& firstPartyForCookies, const URL& resource) const;
+ String cookieStoragePartition(const URL& firstPartyForCookies, const URL& resource, std::optional<uint64_t> frameID, std::optional<uint64_t> pageID) const;
WEBCORE_EXPORT void setPrevalentDomainsToPartitionOrBlockCookies(const Vector<String>& domainsToPartition, const Vector<String>& domainsToBlock, const Vector<String>& domainsToNeitherPartitionNorBlock, bool clearFirst);
WEBCORE_EXPORT void removePrevalentDomains(const Vector<String>& domains);
- WEBCORE_EXPORT bool isStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain) const;
- WEBCORE_EXPORT void setStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, bool value);
+ WEBCORE_EXPORT bool isStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID) const;
+ WEBCORE_EXPORT void setStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value);
#endif
#elif USE(SOUP)
NetworkStorageSession(PAL::SessionID, std::unique_ptr<SoupNetworkSession>&&);
@@ -158,7 +158,7 @@
bool shouldBlockThirdPartyCookies(const String& topPrivatelyControlledDomain) const;
HashSet<String> m_topPrivatelyControlledDomainsToPartition;
HashSet<String> m_topPrivatelyControlledDomainsToBlock;
- HashMap<String, HashSet<String>> m_domainsGrantedStorageAccess;
+ HashMap<uint64_t, HashMap<uint64_t, HashSet<String>, DefaultHash<uint64_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint64_t>>, DefaultHash<uint64_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint64_t>> m_framesGrantedStorageAccess;
#endif
#if PLATFORM(COCOA)
Modified: trunk/Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp (225826 => 225827)
--- trunk/Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -166,9 +166,9 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
-String NetworkStorageSession::cookieStoragePartition(const ResourceRequest& request) const
+String NetworkStorageSession::cookieStoragePartition(const ResourceRequest& request, std::optional<uint64_t> frameID, std::optional<uint64_t> pageID) const
{
- return cookieStoragePartition(request.firstPartyForCookies(), request.url());
+ return cookieStoragePartition(request.firstPartyForCookies(), request.url(), frameID, pageID);
}
static inline String getPartitioningDomain(const URL& url)
@@ -183,7 +183,7 @@
return domain;
}
-String NetworkStorageSession::cookieStoragePartition(const URL& firstPartyForCookies, const URL& resource) const
+String NetworkStorageSession::cookieStoragePartition(const URL& firstPartyForCookies, const URL& resource, std::optional<uint64_t> frameID, std::optional<uint64_t> pageID) const
{
if (!cookieStoragePartitioningEnabled)
return emptyString();
@@ -196,7 +196,7 @@
if (firstPartyDomain == resourceDomain)
return emptyString();
- if (storageAccessAPIEnabled && isStorageAccessGranted(resourceDomain, firstPartyDomain))
+ if (storageAccessAPIEnabled && frameID && pageID && isStorageAccessGranted(resourceDomain, firstPartyDomain, frameID.value(), pageID.value()))
return emptyString();
return firstPartyDomain;
@@ -250,7 +250,7 @@
if (clearFirst) {
m_topPrivatelyControlledDomainsToPartition.clear();
m_topPrivatelyControlledDomainsToBlock.clear();
- m_domainsGrantedStorageAccess.clear();
+ m_framesGrantedStorageAccess.clear();
}
for (auto& domain : domainsToPartition) {
@@ -283,29 +283,53 @@
}
}
-bool NetworkStorageSession::isStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain) const
+bool NetworkStorageSession::isStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID) const
{
- auto it = m_domainsGrantedStorageAccess.find(firstPartyDomain);
- if (it == m_domainsGrantedStorageAccess.end())
+ UNUSED_PARAM(firstPartyDomain);
+
+ auto it1 = m_framesGrantedStorageAccess.find(frameID);
+ if (it1 == m_framesGrantedStorageAccess.end())
return false;
- return it->value.contains(resourceDomain);
+ auto it2 = it1->value.find(pageID);
+ if (it2 == it1->value.end())
+ return false;
+
+ return it2->value.contains(resourceDomain);
}
-void NetworkStorageSession::setStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, bool value)
+void NetworkStorageSession::setStorageAccessGranted(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value)
{
- auto iterator = m_domainsGrantedStorageAccess.find(firstPartyDomain);
+ UNUSED_PARAM(firstPartyDomain);
+
+ auto it1 = m_framesGrantedStorageAccess.find(frameID);
if (value) {
- if (iterator == m_domainsGrantedStorageAccess.end())
- m_domainsGrantedStorageAccess.add(firstPartyDomain, HashSet<String>({ resourceDomain }));
- else
- iterator->value.add(resourceDomain);
+ if (it1 == m_framesGrantedStorageAccess.end()) {
+ HashMap<uint64_t, HashSet<String>, DefaultHash<uint64_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint64_t>> entry;
+ entry.add(pageID, HashSet<String>({ resourceDomain }));
+ m_framesGrantedStorageAccess.add(frameID, entry);
+ } else {
+ auto it2 = it1->value.find(pageID);
+ if (it2 == it1->value.end())
+ it1->value.add(pageID, HashSet<String>({ resourceDomain }));
+ else
+ it2->value.add(resourceDomain);
+ }
} else {
- if (iterator == m_domainsGrantedStorageAccess.end())
+ if (it1 == m_framesGrantedStorageAccess.end())
return;
- iterator->value.remove(resourceDomain);
- if (iterator->value.isEmpty())
- m_domainsGrantedStorageAccess.remove(firstPartyDomain);
+
+ auto it2 = it1->value.find(pageID);
+ if (it2 == it1->value.end())
+ return;
+
+ it2->value.remove(resourceDomain);
+
+ if (it2->value.isEmpty())
+ it1->value.remove(pageID);
+
+ if (it1->value.isEmpty())
+ m_framesGrantedStorageAccess.remove(frameID);
}
}
Modified: trunk/Source/WebCore/platform/network/mac/CookieJarMac.mm (225826 => 225827)
--- trunk/Source/WebCore/platform/network/mac/CookieJarMac.mm 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/platform/network/mac/CookieJarMac.mm 2017-12-13 01:20:06 UTC (rev 225827)
@@ -124,7 +124,7 @@
static NSArray *cookiesInPartitionForURL(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
{
- String partition = session.cookieStoragePartition(firstParty, url);
+ String partition = session.cookieStoragePartition(firstParty, url, std::nullopt, std::nullopt);
if (partition.isEmpty())
return nil;
@@ -260,7 +260,7 @@
ASSERT([filteredCookies.get() count] <= 1);
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
- String partition = session.cookieStoragePartition(firstParty, url);
+ String partition = session.cookieStoragePartition(firstParty, url, std::nullopt, std::nullopt);
if (!partition.isEmpty())
filteredCookies = applyPartitionToCookies(partition, filteredCookies.get());
#endif
Modified: trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (225826 => 225827)
--- trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2017-12-13 01:20:06 UTC (rev 225827)
@@ -115,7 +115,7 @@
shouldContentEncodingSniff = true;
#endif
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
- String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest());
+ String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest(), std::nullopt, std::nullopt);
#else
String storagePartition;
#endif
Modified: trunk/Source/WebKit/ChangeLog (225826 => 225827)
--- trunk/Source/WebKit/ChangeLog 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/ChangeLog 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1,3 +1,56 @@
+2017-12-12 John Wilander <wilan...@apple.com>
+
+ Storage Access API: Implement frame-specific access in the network storage session layer
+ https://bugs.webkit.org/show_bug.cgi?id=180679
+ <rdar://problem/35982116>
+
+ Reviewed by Alex Christensen.
+
+ This changes adds frameID and pageID to what is communicated for
+ storage access and also stored in the network process' table of
+ partitioning exceptions.
+
+ * NetworkProcess/NetworkDataTask.cpp:
+ (WebKit::NetworkDataTask::create):
+ Now stores frameID and pageID for the task for easy retrieval
+ in the HSTS checks.
+ * NetworkProcess/NetworkProcess.cpp:
+ (WebKit::NetworkProcess::updateStorageAccessForPrevalentDomains):
+ * NetworkProcess/NetworkProcess.h:
+ * NetworkProcess/NetworkProcess.messages.in:
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+ (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+ These two methods now submit frameID and pageID to the
+ partitioning query call.
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
+ (-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
+ These two methods now submit frameID and pageID to the
+ partitioning query call.
+ * UIProcess/Network/NetworkProcessProxy.cpp:
+ (WebKit::NetworkProcessProxy::updateStorageAccessForPrevalentDomains):
+ * UIProcess/Network/NetworkProcessProxy.h:
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::requestStorageAccess):
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/WebPageProxy.messages.in:
+ * UIProcess/WebResourceLoadStatisticsStore.cpp:
+ (WebKit::WebResourceLoadStatisticsStore::requestStorageAccess):
+ * UIProcess/WebResourceLoadStatisticsStore.h:
+ * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+ (WebKit::WebsiteDataStore::updateStorageAccessForPrevalentDomainsHandler):
+ (WebKit::WebsiteDataStore::enableResourceLoadStatisticsAndSetTestingCallback):
+ (WebKit::WebsiteDataStore::requestStorageAccess):
+ * UIProcess/WebsiteData/WebsiteDataStore.h:
+ * WebProcess/WebCoreSupport/WebChromeClient.cpp:
+ (WebKit::WebChromeClient::requestStorageAccess):
+ * WebProcess/WebCoreSupport/WebChromeClient.h:
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::requestStorageAccess):
+ * WebProcess/WebPage/WebPage.h:
+
2017-12-12 Alex Christensen <achristen...@webkit.org>
Modernize WebsiteDataStoreParameters and SandboxExtension::Handle decoding
Modified: trunk/Source/WebKit/NetworkProcess/NetworkDataTask.cpp (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/NetworkDataTask.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/NetworkDataTask.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -53,7 +53,7 @@
return NetworkDataTaskBlob::create(session, client, parameters.request, parameters.contentSniffingPolicy, parameters.blobFileReferences);
#if PLATFORM(COCOA)
- return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly);
+ return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.webFrameID, parameters.webPageID, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly);
#endif
#if USE(SOUP)
return NetworkDataTaskSoup::create(session, client, parameters.request, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
Modified: trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -335,12 +335,12 @@
networkStorageSession->setPrevalentDomainsToPartitionOrBlockCookies(domainsToPartition, domainsToBlock, domainsToNeitherPartitionNorBlock, shouldClearFirst);
}
-void NetworkProcess::updateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, const String& resourceDomain, const String& firstPartyDomain, bool shouldGrantStorage, uint64_t contextId)
+void NetworkProcess::updateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool shouldGrantStorage, uint64_t contextId)
{
bool isStorageGranted = false;
if (auto* networkStorageSession = NetworkStorageSession::storageSession(sessionID)) {
- networkStorageSession->setStorageAccessGranted(resourceDomain, firstPartyDomain, shouldGrantStorage);
- ASSERT(networkStorageSession->isStorageAccessGranted(resourceDomain, firstPartyDomain) == shouldGrantStorage);
+ networkStorageSession->setStorageAccessGranted(resourceDomain, firstPartyDomain, frameID, pageID, shouldGrantStorage);
+ ASSERT(networkStorageSession->isStorageAccessGranted(resourceDomain, firstPartyDomain, frameID, pageID) == shouldGrantStorage);
isStorageGranted = shouldGrantStorage;
} else
ASSERT_NOT_REACHED();
Modified: trunk/Source/WebKit/NetworkProcess/NetworkProcess.h (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/NetworkProcess.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/NetworkProcess.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -138,7 +138,7 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
void updatePrevalentDomainsToPartitionOrBlockCookies(PAL::SessionID, const Vector<String>& domainsToPartition, const Vector<String>& domainsToBlock, const Vector<String>& domainsToNeitherPartitionNorBlock, bool shouldClearFirst);
- void updateStorageAccessForPrevalentDomains(PAL::SessionID, const String& resourceDomain, const String& firstPartyDomain, bool value, uint64_t contextId);
+ void updateStorageAccessForPrevalentDomains(PAL::SessionID, const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, uint64_t contextId);
void removePrevalentDomains(PAL::SessionID, const Vector<String>& domains);
#endif
Modified: trunk/Source/WebKit/NetworkProcess/NetworkProcess.messages.in (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/NetworkProcess.messages.in 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/NetworkProcess.messages.in 2017-12-13 01:20:06 UTC (rev 225827)
@@ -83,7 +83,7 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
UpdatePrevalentDomainsToPartitionOrBlockCookies(PAL::SessionID sessionID, Vector<String> domainsToPartition, Vector<String> domainsToBlock, Vector<String> domainsToNeitherPartitionNorBlock, bool shouldClearFirst)
- UpdateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, String resourceDomain, String firstPartyDomain, bool shouldGrantAccess, uint64_t contextId)
+ UpdateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, String resourceDomain, String firstPartyDomain, uint64_t frameID, uint64_t pageID, bool shouldGrantAccess, uint64_t contextId)
RemovePrevalentDomains(PAL::SessionID sessionID, Vector<String> domainsWithInteraction);
#endif
}
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -41,9 +41,9 @@
class NetworkDataTaskCocoa final : public NetworkDataTask {
friend class NetworkSessionCocoa;
public:
- static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly)
+ static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly)
{
- return adoptRef(*new NetworkDataTaskCocoa(session, client, request, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly));
+ return adoptRef(*new NetworkDataTaskCocoa(session, client, request, frameID, pageID, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly));
}
~NetworkDataTaskCocoa();
@@ -69,8 +69,11 @@
WebCore::NetworkLoadMetrics& networkLoadMetrics() { return m_networkLoadMetrics; }
+ uint64_t frameID() const { return m_frameID; };
+ uint64_t pageID() const { return m_pageID; };
+
private:
- NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly);
+ NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly);
bool tryPasswordBasedAuthentication(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&);
void applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(NSURLRequest*&, bool shouldContentSniff, bool shouldContentEncodingSniff);
@@ -78,6 +81,8 @@
RefPtr<SandboxExtension> m_sandboxExtension;
RetainPtr<NSURLSessionDataTask> m_task;
WebCore::NetworkLoadMetrics m_networkLoadMetrics;
+ uint64_t m_frameID;
+ uint64_t m_pageID;
};
WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&);
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2017-12-13 01:20:06 UTC (rev 225827)
@@ -101,8 +101,10 @@
nsRequest = mutableRequest.autorelease();
}
-NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly)
+NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly)
: NetworkDataTask(session, client, requestWithCredentials, storedCredentialsPolicy, shouldClearReferrerOnHTTPSToHTTPRedirect)
+ , m_frameID(frameID)
+ , m_pageID(pageID)
{
if (m_scheduledFailureType != NoFailure)
return;
@@ -161,7 +163,7 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
if (storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use) {
- String storagePartition = session.networkStorageSession().cookieStoragePartition(request);
+ String storagePartition = session.networkStorageSession().cookieStoragePartition(request, m_frameID, m_pageID);
if (!storagePartition.isEmpty()) {
LOG(NetworkSession, "%llu Partitioning cookies for URL %s", [m_task taskIdentifier], nsRequest.URL.absoluteString.UTF8String);
m_task.get()._storagePartitionIdentifier = storagePartition;
@@ -275,7 +277,7 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use) {
- String requiredStoragePartition = m_session->networkStorageSession().cookieStoragePartition(request);
+ String requiredStoragePartition = m_session->networkStorageSession().cookieStoragePartition(request, m_frameID, m_pageID);
if (shouldChangePartition(requiredStoragePartition, m_task.get()._storagePartitionIdentifier)) {
LOG(NetworkSession, "%llu %s cookies for redirected URL %s", [m_task taskIdentifier], (requiredStoragePartition.isEmpty() ? "Not partitioning" : "Partitioning"), request.url().string().utf8().data());
m_task.get()._storagePartitionIdentifier = requiredStoragePartition;
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (225826 => 225827)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-12-13 01:20:06 UTC (rev 225827)
@@ -215,7 +215,7 @@
bool shouldIgnoreHSTS = false;
#if USE(CFNETWORK_IGNORE_HSTS)
- shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+ shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request, networkDataTask->frameID(), networkDataTask->pageID())).isEmpty();
if (shouldIgnoreHSTS) {
request = downgradeRequest(request);
ASSERT([request.URL.scheme isEqualToString:@"http"]);
@@ -245,17 +245,17 @@
auto taskIdentifier = task.taskIdentifier;
LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
- bool shouldIgnoreHSTS = false;
+ if (auto* networkDataTask = [self existingTask:task]) {
+ bool shouldIgnoreHSTS = false;
#if USE(CFNETWORK_IGNORE_HSTS)
- shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
- if (shouldIgnoreHSTS) {
- request = downgradeRequest(request);
- ASSERT([request.URL.scheme isEqualToString:@"http"]);
- LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
- }
+ shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request, networkDataTask->frameID(), networkDataTask->pageID())).isEmpty();
+ if (shouldIgnoreHSTS) {
+ request = downgradeRequest(request);
+ ASSERT([request.URL.scheme isEqualToString:@"http"]);
+ LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+ }
#endif
- if (auto* networkDataTask = [self existingTask:task]) {
auto completionHandlerCopy = Block_copy(completionHandler);
networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto&& request) {
#if !LOG_DISABLED
Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -408,12 +408,12 @@
return ++nextContextId;
}
-void NetworkProcessProxy::updateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::CompletionHandler<void(bool)>&& callback)
+void NetworkProcessProxy::updateStorageAccessForPrevalentDomains(PAL::SessionID sessionID, const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::CompletionHandler<void(bool)>&& callback)
{
auto contextId = nextRequestStorageAccessContextId();
auto addResult = m_storageAccessResponseCallbackMap.add(contextId, WTFMove(callback));
ASSERT_UNUSED(addResult, addResult.isNewEntry);
- send(Messages::NetworkProcess::UpdateStorageAccessForPrevalentDomains(sessionID, resourceDomain, firstPartyDomain, value, contextId), 0);
+ send(Messages::NetworkProcess::UpdateStorageAccessForPrevalentDomains(sessionID, resourceDomain, firstPartyDomain, frameID, pageID, value, contextId), 0);
}
void NetworkProcessProxy::storageAccessRequestResult(bool wasGranted, uint64_t contextId)
Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -78,7 +78,7 @@
#endif
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
- void updateStorageAccessForPrevalentDomains(PAL::SessionID, const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::CompletionHandler<void(bool)>&& callback);
+ void updateStorageAccessForPrevalentDomains(PAL::SessionID, const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::CompletionHandler<void(bool)>&& callback);
#endif
void processReadyToSuspend();
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -7174,9 +7174,10 @@
});
}
-void WebPageProxy::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t webProcessContextId)
+void WebPageProxy::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, uint64_t webProcessContextId)
{
- m_websiteDataStore->requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), [this, webProcessContextId] (bool wasGranted) {
+ ASSERT(pageID == m_pageID);
+ m_websiteDataStore->requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), frameID, pageID, [this, webProcessContextId] (bool wasGranted) {
m_process->send(Messages::WebPage::StorageAccessResponse(wasGranted, webProcessContextId), m_pageID);
});
}
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1240,7 +1240,7 @@
#endif
void hasStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t webProcessContextId);
- void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t webProcessContextId);
+ void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, uint64_t webProcessContextId);
#if ENABLE(ATTACHMENT_ELEMENT)
void insertAttachment(const String& identifier, const WebCore::AttachmentDisplayOptions&, const String& filename, std::optional<String> contentType, WebCore::SharedBuffer& data, Function<void(CallbackBase::Error)>&&);
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2017-12-13 01:20:06 UTC (rev 225827)
@@ -509,7 +509,7 @@
StopURLSchemeTask(uint64_t handlerIdentifier, uint64_t taskIdentifier)
HasStorageAccess(String subFrameHost, String topFrameHost, uint64_t contextID)
- RequestStorageAccess(String subFrameHost, String topFrameHost, uint64_t contextID)
+ RequestStorageAccess(String subFrameHost, String topFrameHost, uint64_t frameID, uint64_t pageID, uint64_t contextID)
#if ENABLE(ATTACHMENT_ELEMENT)
DidInsertAttachment(String identifier)
Modified: trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -268,19 +268,13 @@
});
}
-void WebResourceLoadStatisticsStore::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback)
+void WebResourceLoadStatisticsStore::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback)
{
ASSERT(subFrameHost != topFrameHost);
ASSERT(RunLoop::isMain());
- m_statisticsQueue->dispatch([this, protectedThis = makeRef(*this), subFramePrimaryDomain = isolatedPrimaryDomain(subFrameHost), topFramePrimaryDomain = isolatedPrimaryDomain(topFrameHost), callback = WTFMove(callback)] () mutable {
+ m_statisticsQueue->dispatch([this, protectedThis = makeRef(*this), subFramePrimaryDomain = isolatedPrimaryDomain(subFrameHost), topFramePrimaryDomain = isolatedPrimaryDomain(topFrameHost), frameID, pageID, callback = WTFMove(callback)] () mutable {
- auto& topFrameStatistic = ensureResourceStatisticsForPrimaryDomain(topFramePrimaryDomain);
- if (topFrameStatistic.storageAccessUnderTopFrameOrigins.contains(subFramePrimaryDomain)) {
- callback(true);
- return;
- }
-
auto& subFrameStatistic = ensureResourceStatisticsForPrimaryDomain(subFramePrimaryDomain);
if (shouldBlockCookies(subFrameStatistic)) {
callback(false);
@@ -292,8 +286,7 @@
return;
}
- m_updateStorageAccessForPrevalentDomainsHandler(subFramePrimaryDomain, topFramePrimaryDomain, true, WTFMove(callback));
- topFrameStatistic.storageAccessUnderTopFrameOrigins.add(subFramePrimaryDomain);
+ m_updateStorageAccessForPrevalentDomainsHandler(subFramePrimaryDomain, topFramePrimaryDomain, frameID, pageID, true, WTFMove(callback));
});
}
Modified: trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -61,9 +61,9 @@
class WebResourceLoadStatisticsStore final : public IPC::Connection::WorkQueueMessageReceiver {
public:
using UpdatePrevalentDomainsToPartitionOrBlockCookiesHandler = WTF::Function<void(const Vector<String>& domainsToPartition, const Vector<String>& domainsToBlock, const Vector<String>& domainsToNeitherPartitionNorBlock, ShouldClearFirst)>;
- using UpdateStorageAccessForPrevalentDomainsHandler = WTF::Function<void(const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::Function<void(bool wasGranted)>&& callback)>;
+ using UpdateStorageAccessForPrevalentDomainsHandler = WTF::Function<void(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::Function<void(bool wasGranted)>&& callback)>;
using RemovePrevalentDomainsHandler = WTF::Function<void (const Vector<String>&)>;
- static Ref<WebResourceLoadStatisticsStore> create(const String& resourceLoadStatisticsDirectory, Function<void (const String&)>&& testingCallback, UpdatePrevalentDomainsToPartitionOrBlockCookiesHandler&& updatePrevalentDomainsToPartitionOrBlockCookiesHandler = [](const Vector<String>&, const Vector<String>&, const Vector<String>&, ShouldClearFirst) { }, UpdateStorageAccessForPrevalentDomainsHandler&& updateStorageAccessForPrevalentDomainsHandler = [](const String&, const String&, bool, WTF::Function<void(bool)>&&) { }, RemovePrevalentDomainsHandler&& removeDomainsHandler = [] (const Vector<String>&) { })
+ static Ref<WebResourceLoadStatisticsStore> create(const String& resourceLoadStatisticsDirectory, Function<void (const String&)>&& testingCallback, UpdatePrevalentDomainsToPartitionOrBlockCookiesHandler&& updatePrevalentDomainsToPartitionOrBlockCookiesHandler = [](const Vector<String>&, const Vector<String>&, const Vector<String>&, ShouldClearFirst) { }, UpdateStorageAccessForPrevalentDomainsHandler&& updateStorageAccessForPrevalentDomainsHandler = [](const String&, const String&, uint64_t, uint64_t, bool, WTF::Function<void(bool)>&&) { }, RemovePrevalentDomainsHandler&& removeDomainsHandler = [] (const Vector<String>&) { })
{
return adoptRef(*new WebResourceLoadStatisticsStore(resourceLoadStatisticsDirectory, WTFMove(testingCallback), WTFMove(updatePrevalentDomainsToPartitionOrBlockCookiesHandler), WTFMove(updateStorageAccessForPrevalentDomainsHandler), WTFMove(removeDomainsHandler)));
}
@@ -82,7 +82,7 @@
void resourceLoadStatisticsUpdated(Vector<WebCore::ResourceLoadStatistics>&& origins);
void hasStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
- void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
+ void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback);
void requestStorageAccessCallback(bool wasGranted, uint64_t contextId);
void processWillOpenConnection(WebProcessProxy&, IPC::Connection&);
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1141,10 +1141,10 @@
processPool->sendToNetworkingProcess(Messages::NetworkProcess::UpdatePrevalentDomainsToPartitionOrBlockCookies(m_sessionID, domainsToPartition, domainsToBlock, domainsToNeitherPartitionNorBlock, shouldClearFirst == ShouldClearFirst::Yes));
}
-void WebsiteDataStore::updateStorageAccessForPrevalentDomainsHandler(const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::CompletionHandler<void(bool wasGranted)>&& callback)
+void WebsiteDataStore::updateStorageAccessForPrevalentDomainsHandler(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::CompletionHandler<void(bool wasGranted)>&& callback)
{
for (auto& processPool : processPools())
- processPool->networkProcess()->updateStorageAccessForPrevalentDomains(m_sessionID, resourceDomain, firstPartyDomain, value, WTFMove(callback));
+ processPool->networkProcess()->updateStorageAccessForPrevalentDomains(m_sessionID, resourceDomain, firstPartyDomain, frameID, pageID, value, WTFMove(callback));
}
void WebsiteDataStore::removePrevalentDomains(const Vector<String>& domains)
@@ -1342,8 +1342,8 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
m_resourceLoadStatistics = WebResourceLoadStatisticsStore::create(m_configuration.resourceLoadStatisticsDirectory, WTFMove(callback), [this] (const Vector<String>& domainsToPartition, const Vector<String>& domainsToBlock, const Vector<String>& domainsToNeitherPartitionNorBlock, ShouldClearFirst shouldClearFirst) {
updatePrevalentDomainsToPartitionOrBlockCookies(domainsToPartition, domainsToBlock, domainsToNeitherPartitionNorBlock, shouldClearFirst);
- }, [this, protectedThis = makeRef(*this)] (const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::Function<void(bool wasGranted)>&& callback) {
- updateStorageAccessForPrevalentDomainsHandler(resourceDomain, firstPartyDomain, value, WTFMove(callback));
+ }, [this, protectedThis = makeRef(*this)] (const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::Function<void(bool wasGranted)>&& callback) {
+ updateStorageAccessForPrevalentDomainsHandler(resourceDomain, firstPartyDomain, frameID, pageID, value, WTFMove(callback));
}, [this, protectedThis = makeRef(*this)] (const Vector<String>& domainsToRemove) {
removePrevalentDomains(domainsToRemove);
});
@@ -1411,7 +1411,7 @@
m_resourceLoadStatistics->hasStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), WTFMove(callback));
}
-void WebsiteDataStore::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback)
+void WebsiteDataStore::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback)
{
if (!resourceLoadStatisticsEnabled()) {
callback(false);
@@ -1418,7 +1418,7 @@
return;
}
- m_resourceLoadStatistics->requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), WTFMove(callback));
+ m_resourceLoadStatistics->requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), frameID, pageID, WTFMove(callback));
}
#if !PLATFORM(COCOA)
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (225826 => 225827)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -116,7 +116,7 @@
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
void updatePrevalentDomainsToPartitionOrBlockCookies(const Vector<String>& domainsToPartition, const Vector<String>& domainsToBlock, const Vector<String>& domainsToNeitherPartitionNorBlock, ShouldClearFirst);
- void updateStorageAccessForPrevalentDomainsHandler(const String& resourceDomain, const String& firstPartyDomain, bool value, WTF::CompletionHandler<void(bool wasGranted)>&& callback);
+ void updateStorageAccessForPrevalentDomainsHandler(const String& resourceDomain, const String& firstPartyDomain, uint64_t frameID, uint64_t pageID, bool value, WTF::CompletionHandler<void(bool wasGranted)>&& callback);
void removePrevalentDomains(const Vector<String>& domains);
#endif
void networkProcessDidCrash();
@@ -145,7 +145,7 @@
void enableResourceLoadStatisticsAndSetTestingCallback(Function<void (const String&)>&& callback);
void hasStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
- void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
+ void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback);
void setBoundInterfaceIdentifier(String&& identifier) { m_boundInterfaceIdentifier = WTFMove(identifier); }
const String& boundInterfaceIdentifier() { return m_boundInterfaceIdentifier; }
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp (225826 => 225827)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1261,9 +1261,9 @@
m_page.hasStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), WTFMove(callback));
}
-void WebChromeClient::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback)
+void WebChromeClient::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback)
{
- m_page.requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), WTFMove(callback));
+ m_page.requestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), frameID, pageID, WTFMove(callback));
}
} // namespace WebKit
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h (225826 => 225827)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -350,7 +350,7 @@
void didInvalidateDocumentMarkerRects() final;
void hasStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&&) final;
- void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&&) final;
+ void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&&) final;
String m_cachedToolTip;
mutable RefPtr<WebFrame> m_cachedFrameSetLargestFrame;
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (225826 => 225827)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2017-12-13 01:20:06 UTC (rev 225827)
@@ -5821,13 +5821,13 @@
callback(false);
}
-void WebPage::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback)
+void WebPage::requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback)
{
auto contextId = nextRequestStorageAccessContextId();
auto addResult = m_storageAccessResponseCallbackMap.add(contextId, WTFMove(callback));
ASSERT(addResult.isNewEntry);
if (addResult.iterator->value)
- send(Messages::WebPageProxy::RequestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), contextId));
+ send(Messages::WebPageProxy::RequestStorageAccess(WTFMove(subFrameHost), WTFMove(topFrameHost), frameID, pageID, contextId));
else
callback(false);
}
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.h (225826 => 225827)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.h 2017-12-13 01:18:20 UTC (rev 225826)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.h 2017-12-13 01:20:06 UTC (rev 225827)
@@ -1025,7 +1025,7 @@
void flushPendingEditorStateUpdate();
void hasStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
- void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, WTF::CompletionHandler<void (bool)>&& callback);
+ void requestStorageAccess(String&& subFrameHost, String&& topFrameHost, uint64_t frameID, uint64_t pageID, WTF::CompletionHandler<void (bool)>&& callback);
void storageAccessResponse(bool wasGranted, uint64_t contextId);
#if ENABLE(ATTACHMENT_ELEMENT)